Vulnerabilities > Cisco > Unified Communications Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-3877 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager 11.5(1.11.007.2) A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. | 4.3 |
| 2017-03-17 | CVE-2017-3872 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. | 4.3 |
| 2017-02-22 | CVE-2017-3836 | Information Exposure vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. | 4.0 |
| 2017-02-22 | CVE-2017-3833 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2) A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 4.3 |
| 2017-02-22 | CVE-2017-3829 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-02-22 | CVE-2017-3828 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-02-22 | CVE-2017-3821 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1) A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. | 4.3 |
| 2017-01-26 | CVE-2017-3802 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9) A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 4.3 |
| 2017-01-26 | CVE-2017-3798 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1) A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. | 4.3 |
| 2016-12-14 | CVE-2016-9210 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. | 5.0 |